Solved

How to Create New Active Directory from Directory Services recovery mode

Posted on 2006-07-13
Last Modified: 2012-08-13
I have a Server 2003 std machine with a completely corrupt AD. I have tried repair and recovery but no joy.
ALL the existing backups seem to have been made after the corruption occurred (it went unnoticed for just over a week).
My only option is to create a new AD and add the users etc. all over.
There is no Exchange Server installed, so what's the quickest way to do this? I can't seem to work it out (bearing in mind I can only get in in Directory Services recovery mode).

Thanks
Question by:CoreDigital
12 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17098811
I haven't tried, but can you demote the machine in DS restore mode? Run DCPROMO; if that fails, run DCPROMO /FORCEREMOVAL and then use ntdsutil to perform a metadata cleanup.

I do not know if this will run, as I haven't tried in the restore mode.
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 17098920
You can't.  There is no way to remove/install AD from the Recovery Console.

It's a re-install, I'm afraid.

 
LVL 4

Author Comment

by:CoreDigital
ID: 17099867
Full re-install? Or will a repair install work?
 
LVL 51

Expert Comment

by:Netman66
ID: 17099930
A repair won't work because your AD is no longer a base default installation - and it's this NTDS.DIT that's bad.

 
LVL 4

Author Comment

by:CoreDigital
ID: 17100437
That is kind of what I feared.
I have found a system state backup on some old media from about 2 years ago but I'm assuming that it will be too old.
 
LVL 51

Expert Comment

by:Netman66
ID: 17101857
Yes.  Tombstone is 60 days.

 
LVL 51

Expert Comment

by:Netman66
ID: 17101879
If you're looking to recover data rather than care about the domain, then install a temporary IDE HDD and install server, put the drivers on for the RAID controller then access and copy off any data you need from the array.

 
LVL 4

Author Comment

by:CoreDigital
ID: 17102147
As a last resort before a complete rebuild I copied over the NTDS folder from an old demoted RAID drive from about six months ago, and it now lets me back in and I can see all the users, computers etc. Only problem is that no workstations can log in (the message says that no domain controller can be found).
Am I any closer now? Or should I just bite the bullet?
 
LVL 51

Expert Comment

by:Netman66
ID: 17102520
You're no closer - the NTDS.DIT file is the AD database.  If it's not usable, then your domain is toast.

 
LVL 4

Author Comment

by:CoreDigital
ID: 17103674
Yes, but I DO now have a "good" NTDS.DIT file; it's just that it's a bit old and hasn't been restored in the usual manner. At least now I can access the server.
The reasoning I have is that there's just too much stuff installed on the server for it to be desirable to rebuild.
Now that I can log in normally, can I not demote then promote again (at the very worst)?
 
LVL 51

Expert Comment

by:Netman66
ID: 17104999
You can try DCPROMO /forceremoval - but I have my doubts.

Since this is the only DC, you're going to lose the domain and all security principals, so unless the applications installed are tolerant of all that, you're still in for a world of hurt.

The old NTDS.DIT is beyond 60 days so it will be a big problem if you try to use it again - besides, it's not as simple as copying the file there - it has to be restored with System state.

 
LVL 4

Author Comment

by:CoreDigital
ID: 17107196
Oh well it was worth a try. Time to go bury my head in it now.
Thanks